Cybersecurity researchers have found evidence that at least some of the recent anti-lockdown … [+]
NurPhoto via Getty Images
Gun advocacy and conservative groups are responsible for astroturfing the reopen America campaign that has swept the US in recent days, according to research from cybersecurity experts.
Since April 15, protests against coronavirus lockdown measures have been sweeping across various American states. Informally unified under the ‘Reopen America’ slogan, they seek an end to measures intended to curb the spread of the coronavirus. They’ve arguably been flared up by tweets President Donald Trump posted on April 17.
But according to new research from cybersecurity researchers, many of these protests are neither spontaneous nor organic. Cybersecurity expert Brian Krebs and researchers at DomainTools have separately analysed web addresses including the word “reopen.” And interestingly, they’ve found that many of these can be linked to domains associated with gun advocacy groups, lobbyists, and other conservative organisations.
Published today, a report from DNS-focused cybersecurity firm DomainTools concludes that over 500 new domains related to the protests have been registered in the past month. Many of them are linked to only a few groups.
By gathering domain names that include the same words, and by analysing the domains for other similarities, DomainTools was able to determine that many of them “redirect to a state-based firearms coalition group.” And according to its senior security researcher, Chad Anderson, these groups tie back to Aaron Dorr, a registered lobbyist for the state of Iowa.
Anderson goes on to explain that the “reopen” websites linked to Aaron Dorr bear various similarities, including the fact that they were built using nonpartisan advocacy platform One Click Politics and also WordPress. By looking at one of them, the Iowa Gun Owners website, DomainTools was able to find Dorr’s telephone number.
DomainTools then examined the historical SSL certificates used for each of the firearms advocacy domains, finding Mr. Dorr’s personal domain and also numerous other domains associated with other firearm’s coalitions elsewhere in the US. For Chad Anderson and his colleagues, this “raised the likelihood for us that Mr. Dorr was the one running these campaigns.”
In other words, a batch of the “reopen America” domains are the work of a single gun advocacy network. And something very similar is suggested by recent research published by Brian Krebs.
On April 20, Krebs published an article titled, “Who’s Behind the ‘Reopen’ Domain Surge?” In it, he also reports on running a domain search for any domains registered in the past month with “reopen” in them.
This search brought up a list of around 150 domains. Startlingly, Krebs concludes that “a review of other details about these domains suggests a majority of them are tied to various gun rights groups, state Republican Party organizations, and conservative think tanks, religious and advocacy groups.”
As Krebs explains, “reopenmn.com” redirects to “minnesotagunrights.org,” which is linked to an individual living in Florida. According to Krebs, this same person registered “reopenpa.com,” a site that redirects to the Pennsylvania Firearms Association, and which “urges the state’s residents to contact their governor about easing the COVID-19 restrictions.”
Krebs also finds evidence that “Reopen.pa” is tied to a Facebook page named Pennsylvanians Against Excessive Quarantine. It has 68,000 members, and attempted to arrange an “Operation Gridlock” protest at midday on April 20 in Pennsylvania.
He finds other similar links. The domains “reopenoureconomy.com” and “reopensociety.com” are linked to FreedomWorks, a conservative group that has reportedly been holding virtual meetings with members of Congress.
Perhaps most alarmingly of all, Krebs finds that “Reopenmississippi.com” was registered on April 16 to In Pursuit Of LLC, a Virginia-based conservative group with several former employees who Krebs claims now work at the White House or in cabinet agencies.
And as with DomainTools, he also finds evidence that lobbyist Aaron Dorr is behind a number of “reopen” sites.
While a portion of the sites can’t be linked to particular groups, the fact that many of them can raises questions about the legitimacy, transparency and authenticity of the anti-lockdown protests now moving across America. It does indeed seem as though many of these demonstrations may have been astroturfed by front organisations.
They also reveal how, in the Internet Age, democracy and political expression can all-too easily be manipulated and distorted. And it’s likely that at a time when people are more worried about fighting a dangerous pandemic, it will sadly be easier for cynical groups to manipulate and distort them.
Aaron Dorr has been contacted for comment.